/* $OpenBSD: channels.c,v 1.356 2016/10/18 17:32:54 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
* This file contains functions for generic socket connection forwarding.
* There is also code for initiating connection forwarding for X11 connections,
* arbitrary tcp/ip connections, and the authentication agent connection.
*
* As far as I am concerned, the code I have written for this software
* can be used freely for any purpose. Any derived versions of this
* software must be clearly marked as such, and if the derived work is
* incompatible with the protocol description in the RFC file, it must be
* called by a name other than "ssh" or "Secure Shell".
*
* SSH2 support added by Markus Friedl.
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
* Copyright (c) 1999 Dug Song. All rights reserved.
* Copyright (c) 1999 Theo de Raadt. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/ioctl.h>
#include <sys/un.h>
#include <sys/socket.h>
#ifdef HAVE_SYS_TIME_H
# include <sys/time.h>
#endif
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netdb.h>
#ifdef HAVE_STDINT_H
#include <stdint.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>
#include <stdarg.h>
#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
#include "ssh.h"
#include "ssh1.h"
#include "ssh2.h"
#include "ssherr.h"
#include "packet.h"
#include "log.h"
#include "misc.h"
#include "buffer.h"
#include "channels.h"
#include "compat.h"
#include "canohost.h"
#include "key.h"
#include "authfd.h"
#include "pathnames.h"
/* -- channel core */
/*
 * Pointer to an array containing all allocated channels. The array is
 * dynamically extended as needed.  Entries are found either by local
 * channel id (channel_by_id, direct index) or by the id the peer assigned
 * (channel_by_remote_id, linear scan).
 */
static Channel **channels = NULL;
/*
 * Size of the channel array. All slots of the array must always be
 * initialized (at least the type field); unused slots set to NULL.
 * This is the bound every id-based lookup is checked against, so an id
 * taken from the wire can never index past the end of the array.
 */
static u_int channels_alloc = 0;
/*
 * Maximum file descriptor value used in any of the channels. This is
 * updated in channel_new (via channel_register_fds, which raises it as
 * the channel's descriptors are registered).
 */
static int channel_max_fd = 0;
/* -- tcp forwarding */
/*
 * Data structure for storing which hosts are permitted for forward requests.
 * The local sides of any remote forwards are stored in this array to prevent
 * a corrupt remote server from accessing arbitrary TCP/IP ports on our local
 * network (which might be behind a firewall).
 *
 * One entry describes one permitted (connect target, listen side) pair.
 * FWD_PERMIT_ANY_PORT / FWD_PERMIT_ANY_HOST (defined below) are the
 * wildcard values; presumably they are matched against port_to_connect and
 * host_to_connect respectively -- confirm against the matching code.
 */
/* XXX: streamlocal wants a path instead of host:port */
/* Overload host_to_connect; we could just make this match Forward */
/* XXX - can we use listen_host instead of listen_path? */
typedef struct {
	char *host_to_connect;	/* Connect to 'host'. */
	int port_to_connect;	/* Connect to 'port'. */
	char *listen_host;	/* Remote side should listen address. */
	char *listen_path;	/* Remote side should listen path (streamlocal). */
	int listen_port;	/* Remote side should listen port. */
	Channel *downstream;	/* Downstream mux channel that owns this entry. */
} ForwardPermission;
/*
 * List of all permitted host/port pairs to connect by the user.
 * Kept separately from the admin list below so the two policies can be
 * consulted independently.
 */
static ForwardPermission *permitted_opens = NULL;
/* List of all permitted host/port pairs to connect by the admin. */
static ForwardPermission *permitted_adm_opens = NULL;
/* Number of permitted host/port pairs in the array permitted by the user. */
static int num_permitted_opens = 0;
/* Number of permitted host/port pairs in the array permitted by the admin. */
static int num_adm_permitted_opens = 0;
/* special-case port number meaning allow any port */
#define FWD_PERMIT_ANY_PORT 0
/* special-case wildcard meaning allow any host */
#define FWD_PERMIT_ANY_HOST "*"
/*
 * If this is true, all opens are permitted. This is the case on the server
 * on which we have to trust the client anyway, and the user could do
 * anything after logging in anyway.  When it is false, opens must match
 * one of the permitted_opens / permitted_adm_opens entries above.
 */
static int all_opens_permitted = 0;
/* -- X11 forwarding */
/* Maximum number of fake X11 displays to try. */
#define MAX_DISPLAYS 1000
/* Saved X11 local (client) display. */
static char *x11_saved_display = NULL;
/* Saved X11 authentication protocol name. */
static char *x11_saved_proto = NULL;
/*
 * Saved X11 authentication data. This is the real data, i.e. the real
 * cookie for the local display; x11_saved_data_len is its length in bytes.
 */
static char *x11_saved_data = NULL;
static u_int x11_saved_data_len = 0;
/*
 * Deadline after which all X11 connections are refused.
 * (File-scope static, so it starts out zero.)
 */
static u_int x11_refuse_time;
/*
 * Fake X11 authentication data. This is what the server will be sending us;
 * we should replace any occurrences of this by the real data.  Keeping the
 * real cookie out of the fake one is what stops the peer from learning it.
 * x11_fake_data_len is the length in bytes (static, starts out zero).
 */
static u_char *x11_fake_data = NULL;
static u_int x11_fake_data_len;
/* -- agent forwarding */
/* Number of listening sockets attempted for a forwarding listener. */
#define NUM_SOCKS 10
/* Address family to use for listeners: AF_UNSPEC or AF_INET or AF_INET6 */
static int IPv4or6 = AF_UNSPEC;
/* helper */
static void port_open_helper(Channel *c, char *rtype);
static const char *channel_rfwd_bind_host(const char *listen_host);
/* non-blocking connect helpers */
static int connect_next(struct channel_connect *);
static void channel_connect_ctx_free(struct channel_connect *);
/* -- channel core */
/*
 * Look up a channel by its local id.
 *
 * Returns the Channel stored in channels[id], or NULL (after logging) when
 * id is negative, is not below channels_alloc, or names a slot that is
 * currently free.  The sign test is done before the cast to u_int so a
 * negative id can never be turned into a large in-range index.
 */
Channel *
channel_by_id(int id)
{
	Channel *found;

	if (id >= 0 && (u_int)id < channels_alloc)
		found = channels[id];
	else {
		logit("channel_by_id: %d: bad id", id);
		return NULL;
	}
	if (found == NULL)
		logit("channel_by_id: %d: bad id: channel free", id);
	return found;
}
/*
 * Find the channel whose remote_id matches the id the peer assigned.
 *
 * Linear scan over the channel table, skipping free (NULL) slots; returns
 * the first allocated channel with that remote id, or NULL if there is
 * none.  Remote ids are chosen by the peer, so a match only means the peer
 * named a channel this side knows about.
 */
Channel *
channel_by_remote_id(int remote_id)
{
	u_int slot;

	for (slot = 0; slot < channels_alloc; slot++) {
		Channel *cand = channels[slot];

		if (cand == NULL)
			continue;
		if (cand->remote_id == remote_id)
			return cand;
	}
	return NULL;
}
/*
 * Whether a channel of the given type takes part in the protocol, i.e. may
 * be named by a channel id in an incoming message.  Listening sockets and
 * other private channel types are not in this set.
 */
static int
channel_lookup_is_public(int type)
{
	switch (type) {
	case SSH_CHANNEL_X11_OPEN:
	case SSH_CHANNEL_LARVAL:
	case SSH_CHANNEL_CONNECTING:
	case SSH_CHANNEL_DYNAMIC:
	case SSH_CHANNEL_OPENING:
	case SSH_CHANNEL_OPEN:
	case SSH_CHANNEL_INPUT_DRAINING:
	case SSH_CHANNEL_OUTPUT_DRAINING:
	case SSH_CHANNEL_ABANDONED:
	case SSH_CHANNEL_MUX_PROXY:
		return 1;
	default:
		return 0;
	}
}

/*
 * Returns the channel if it is allowed to receive protocol messages.
 * Private channels, like listening sockets, may not receive messages.
 *
 * Returns NULL when the id does not name an allocated channel (see
 * channel_by_id, which logs the reason) or when the channel's type is not
 * public; the latter case is logged here.
 */
Channel *
channel_lookup(int id)
{
	Channel *c = channel_by_id(id);

	if (c == NULL)
		return (NULL);
	if (!channel_lookup_is_public(c->type)) {
		logit("Non-public channel %d, type %d.", id, c->type);
		return (NULL);
	}
	return (c);
}
/*
* Register filedescriptors for a channel, used when allocating a channel or
* when the channel consumer/producer is ready, e.g. shell exec'd
*/
static void
channel_register_fds(Channel *c, int rfd, int wfd, int efd,
int extusage, int nonblock, int is_tty)
{
/* Update the maximum file descriptor value. */
channel_max_fd = MAXIMUM(channel_max_fd, rfd);
channel_max_fd = MAXIMUM(channel_max_fd, wfd);
cha
OpenSSH是SSH协议远程登录的首选连接工具。它加密所有流量以消除窃听,连接劫持和其他攻击。另外,OpenSSH提供了一套安全的隧道功能,多种认证方法和复杂的配置选项。 OpenSSH套件包含以下工具: 远程操作使用 ssh, scp和 sftp完成。 使用ssh-add, ssh-keysign, ssh-keyscan和 ssh-keygen进行密钥管理 。 服务 端由sshd, sftp-server和 ssh-agent组成。 OpenSSH是由OpenBSD项目的一些开发人员开发的, 并且可以使用BSD格式的许可证。 OpenSSH被纳入到许多商业产品中,但这些公司中很少有公司通过资助协助OpenSSH。